I2P Address: [http://git.idk.i2p]

Verified Commit 8d631239 authored by idk's avatar idk
Browse files

Implements a mostly-working Noise IK handshake on a socket with multiple...

Implements a mostly-working Noise IK handshake on a socket with multiple subsessions. Does not implement conns or listeners yet.
parent c6e359f1
......@@ -3,7 +3,11 @@ module github.com/go-i2p/go-i2p
go 1.16
require (
github.com/dchest/siphash v1.2.3 // indirect
github.com/emirpasic/gods v1.18.1
github.com/flynn/noise v1.0.0
github.com/go-noisesocket/noisesocket v0.0.0-20191014121341-f487ac765620
github.com/pkg/errors v0.9.1 // indirect
github.com/sirupsen/logrus v1.9.0
github.com/stretchr/testify v1.7.0
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
......
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA=
github.com/dchest/siphash v1.2.3/go.mod h1:0NvQU092bT0ipiFN++/rXm69QG9tVxLAlQHIXMPAkHc=
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
github.com/go-noisesocket/noisesocket v0.0.0-20191014121341-f487ac765620 h1:MjTFQi2DyJifqefRVjAs+P2gaoUAj2rcDpYX7ERggEA=
github.com/go-noisesocket/noisesocket v0.0.0-20191014121341-f487ac765620/go.mod h1:y9SBFk2hEIPWY7Aj3bXG+K1xp8wWnQ6kVq2wsYSPByU=
github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc h1:+q90ECDSAQirdykUN6sPEiBXBsp8Csjcca8Oy7bgLTA=
golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
......@@ -31,7 +38,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
package noise
import (
"bytes"
"crypto/rand"
"encoding/binary"
"errors"
"io"
"github.com/flynn/noise"
)
func ComposeInitiatorHandshakeMessage(s noise.DHKey, rs []byte, payload []byte, ePrivate []byte) (negData, msg []byte, state *noise.HandshakeState, err error) {
if len(rs) != 0 && len(rs) != noise.DH25519.DHLen() {
return nil, nil, nil, errors.New("only 32 byte curve25519 public keys are supported")
}
var pattern noise.HandshakePattern
negData = make([]byte, 6)
copy(negData, negotiationData)
pattern = noise.HandshakeIK
negData[5] = NOISE_PATTERN_IK
var random io.Reader
if len(ePrivate) == 0 {
random = rand.Reader
} else {
random = bytes.NewBuffer(ePrivate)
}
prologue := make([]byte, 2, uint16Size+len(negData))
binary.BigEndian.PutUint16(prologue, uint16(len(negData)))
prologue = append(prologue, negData...)
prologue = append(initString, prologue...)
state, err = noise.NewHandshakeState(noise.Config{
StaticKeypair: s,
Initiator: true,
Pattern: pattern,
CipherSuite: noise.NewCipherSuite(noise.DH25519, noise.CipherAESGCM, noise.HashBLAKE2b),
PeerStatic: rs,
Prologue: prologue,
Random: random,
})
if err != nil {
return
}
padBuf := make([]byte, 2+len(payload))
copy(padBuf[2:], payload)
msg, _, _, err = state.WriteMessage(msg, padBuf)
return
}
func (c *NoiseSession) RunClientHandshake() error {
var (
negData, msg []byte
state *noise.HandshakeState
err error
)
if negData, msg, state, err = ComposeInitiatorHandshakeMessage(c.StaticKey, nil, nil, nil); err != nil {
return err
}
if _, err = c.Write(negData); err != nil {
return err
}
if _, err = c.Write(msg); err != nil {
return err
}
//read negotiation data
/*if err := c.readPacket(); err != nil {
return err
}
negotiationData := c.handshakeBuffer.Next(c.handshakeBuffer.Len())
//read noise message
if err := c.readPacket(); err != nil {
return err
}
msg = c.handshakeBuffer.Next(c.handshakeBuffer.Len())
if len(negotiationData) != 0 || len(msg) == 0 {
return errors.New("Server returned error")
}
// cannot reuse msg for read, need another buf
inBlock := c.NoiseTransport.newBlock()
inBlock.reserve(len(msg))*/
var payload int
payload, c.CipherState, c.NoiseTransport.CipherState, err = state.ReadMessage(inBlock.data, msg)
/*if err != nil {
c.NoiseTransport.freeBlock(inBlock)
return err
}*/
err = c.processCallback(state.PeerStatic(), payload)
if err != nil {
c.NoiseTransport.freeBlock(inBlock)
return err
}
/*c.NoiseTransport.freeBlock(inBlock)
if c.CipherState == nil && c.NoiseTransport.CipherState == nil {
b := c.newBlock()
if b.data, c.CipherState, c.NoiseTransport.CipherState, err = state.WriteMessage(b.data, pad(c.config.Payload)); err != nil {
c.freeBlock(b)
return err
}
if _, err = c.Write(nil); err != nil {
c.freeBlock(b)
return err
}
if _, err = c.Write(b.data); err != nil {
c.freeBlock(b)
return err
}
c.freeBlock(b)
if c.CipherState == nil || c.NoiseTransport.CipherState == nil {
log.WithFields(log.Fields{
"at": "(NoiseSession) RunClientHandshake",
"reason": "unsupported session",
}).Error("unsupported session")
return errors.New("unsupported session")
}
}
*/
//c.in.padding, c.out.padding = c.config.Padding, c.config.Padding
//c.channelBinding = state.ChannelBinding()
c.handshakeComplete = true
return nil
}
package noise
import (
"errors"
"sync/atomic"
log "github.com/sirupsen/logrus"
)
func (c *NoiseSession) Write(b []byte) (int, error) {
// interlock with Close below
for {
x := atomic.LoadInt32(&c.activeCall)
if x&1 != 0 {
log.WithFields(log.Fields{
"at": "(NoiseSession) Write",
"reason": "session is closed",
}).Error("session is closed")
return 0, errors.New("session is closed")
}
if atomic.CompareAndSwapInt32(&c.activeCall, x, x+2) {
defer atomic.AddInt32(&c.activeCall, -2)
break
}
}
if err := c.RunClientHandshake(); err != nil {
return 0, err
}
c.Mutex.Lock()
defer c.Mutex.Unlock()
if !c.handshakeComplete {
return 0, errors.New("internal error")
}
n, err := c.writePacketLocked(b)
return n, err
}
func (c *NoiseSession) writePacketLocked(data []byte) (int, error) {
var n int
if len(data) == 0 { //special case to answer when everything is ok during handshake
if _, err := c.Conn.Write(make([]byte, 2)); err != nil {
return 0, err
}
}
for len(data) > 0 {
/*m := len(data)
packet := c.InitializePacket()
maxPayloadSize := c.maxPayloadSizeForWrite(packet)
if m > int(maxPayloadSize) {
m = int(maxPayloadSize)
}
if c.CipherState != nil {
////fmt.Println("writing encrypted packet:", m)
packet.reserve(uint16Size + uint16Size + m + macSize)
packet.resize(uint16Size + uint16Size + m)
copy(packet.data[uint16Size+uint16Size:], data[:m])
binary.BigEndian.PutUint16(packet.data[uint16Size:], uint16(m))
//fmt.Println("encrypt size", uint16(m))
} else {
packet.resize(len(packet.data) + len(data))
copy(packet.data[uint16Size:len(packet.data)], data[:m])
binary.BigEndian.PutUint16(packet.data, uint16(len(data)))
}
b := c.encryptIfNeeded(packet)
c.freeBlock(packet)
////fmt.Println(hex.EncodeToString(b))
if _, err := c.conn.Write(b); err != nil {
return n, err
}
n += m
data = data[m:]
*/
}
return n, nil
}
package noise
import (
"sync"
"github.com/go-i2p/go-i2p/lib/common/router_info"
)
func (c *NoiseTransport) Handshake(routerInfo router_info.RouterInfo) error {
c.Mutex.Lock()
defer c.Mutex.Unlock()
session, err := c.GetSession(routerInfo)
if err != nil {
return err
}
for {
if session.(*NoiseSession).handshakeComplete {
return nil
}
if session.(*NoiseSession).Cond == nil {
break
}
session.(*NoiseSession).Cond.Wait()
}
// Set handshakeCond to indicate that this goroutine is committing to
// running the handshake.
session.(*NoiseSession).Cond = sync.NewCond(&c.Mutex)
c.Mutex.Unlock()
session.(*NoiseSession).Mutex.Lock()
defer session.(*NoiseSession).Mutex.Unlock()
c.Mutex.Lock()
// if c.config.isClient {
if err := session.(*NoiseSession).RunClientHandshake(); err != nil {
return err
}
// Wake any other goroutines that are waiting for this handshake to
// complete.
session.(*NoiseSession).Cond.Broadcast()
session.(*NoiseSession).Cond = nil
return nil
}
package noise
import (
"bytes"
"net"
"sync"
"time"
cb "github.com/emirpasic/gods/queues/circularbuffer"
//. "github.com/flynn/noise"
"github.com/flynn/noise"
"github.com/go-i2p/go-i2p/lib/common/router_info"
"github.com/go-i2p/go-i2p/lib/i2np"
......@@ -14,10 +17,47 @@ import (
type NoiseSession struct {
*cb.Queue
router_info.RouterInfo
net.Conn
*noise.CipherState
sync.Mutex
*sync.Cond
*NoiseTransport
handshakeBuffer bytes.Buffer
activeCall int32
handshakeComplete bool
Conn net.Conn
}
// Read implements net.Conn
func (*NoiseSession) Read(b []byte) (n int, err error) {
panic("unimplemented")
}
// RemoteAddr implements net.Conn
func (*NoiseSession) RemoteAddr() net.Addr {
panic("unimplemented")
}
// SetDeadline implements net.Conn
func (*NoiseSession) SetDeadline(t time.Time) error {
panic("unimplemented")
}
// SetReadDeadline implements net.Conn
func (*NoiseSession) SetReadDeadline(t time.Time) error {
panic("unimplemented")
}
// SetWriteDeadline implements net.Conn
func (*NoiseSession) SetWriteDeadline(t time.Time) error {
panic("unimplemented")
}
var exampleNoiseSession transport.TransportSession = &NoiseSession{}
var ExampleNoiseSession net.Conn = exampleNoiseSession.(*NoiseSession)
func (s *NoiseSession) LocalAddr() net.Addr {
return s.Conn.LocalAddr()
}
func (s *NoiseSession) QueueSendI2NP(msg i2np.I2NPMessage) {
s.Queue.Enqueue(msg)
......
......@@ -8,9 +8,10 @@ package noise
import (
"errors"
"fmt"
"net"
"sync"
"github.com/flynn/noise"
"github.com/go-i2p/go-i2p/lib/common/data"
"github.com/go-i2p/go-i2p/lib/common/router_identity"
"github.com/go-i2p/go-i2p/lib/common/router_info"
......@@ -18,13 +19,28 @@ import (
)
type NoiseTransport struct {
routerIdentity router_identity.RouterIdentity
*noise.CipherState
router_identity.RouterIdentity
sync.Mutex
Listener net.Listener
peerConnections map[data.Hash]transport.TransportSession
netSocket net.Conn
}
var exampleNoiseTransport transport.Transport = &NoiseTransport{}
// ExampleNoiseListener is not a real Noise Listener, do not use it.
// It is exported so that it can be confirmed that the transport
// implements net.Listener
var ExampleNoiseListener net.Listener = exampleNoiseTransport
func (noopt *NoiseTransport) Accept() (net.Conn, error) {
return noopt.Listener.Accept()
}
func (noopt *NoiseTransport) Addr() net.Addr {
return noopt.Listener.Addr()
}
func (noopt *NoiseTransport) Name() string {
return "noise"
}
......@@ -34,7 +50,7 @@ func (noopt *NoiseTransport) Name() string {
// if the underlying socket is already bound update the RouterIdentity
// returns any errors that happen if they do
func (noopt *NoiseTransport) SetIdentity(ident router_identity.RouterIdentity) error {
noopt.routerIdentity = ident
noopt.RouterIdentity = ident
return nil
}
......@@ -43,7 +59,6 @@ func (noopt *NoiseTransport) SetIdentity(ident router_identity.RouterIdentity) e
// returns an established TransportSession and nil on success
// returns nil and an error on error
func (noopt *NoiseTransport) GetSession(routerInfo router_info.RouterInfo) (transport.TransportSession, error) {
var err error
hash := routerInfo.IdentHash()
if len(hash) == 0 {
return nil, errors.New("NoiseTransport: GetSession: RouterInfo has no IdentityHash")
......@@ -51,10 +66,13 @@ func (noopt *NoiseTransport) GetSession(routerInfo router_info.RouterInfo) (tran
if t, ok := noopt.peerConnections[hash]; ok == true {
return t, nil
}
if noopt.peerConnections[hash], err = NewNoiseTransportSession(routerInfo, noopt.netSocket); err != nil {
return noopt.peerConnections[hash], err
conn, err := noopt.Accept()
if err == nil {
if noopt.peerConnections[hash], err = NewNoiseTransportSession(routerInfo, conn); err != nil {
return noopt.peerConnections[hash], err
}
}
return nil, fmt.Errorf("Unable to obtain transport session with %s", routerInfo.IdentHash())
return nil, err
}
// return true if a routerInfo is compatable with this transport
......@@ -70,9 +88,9 @@ func (noopt *NoiseTransport) Close() error {
return nil
}
func NewNoiseTransport(netSocket net.Conn) *NoiseTransport {
func NewNoiseTransport(netSocket net.Listener) *NoiseTransport {
return &NoiseTransport{
peerConnections: make(map[data.Hash]transport.TransportSession),
netSocket: netSocket,
Listener: netSocket,
}
}
package noise
import (
"net"
"testing"
)
func TestTransport(t *testing.T) {
ln, err := net.Listen("tcp", ":42069")
if err != nil {
t.Error(err)
}
nt := NewNoiseTransport(ln)
t.Log(nt.Name())
}
package transport
import (
"net"
"github.com/go-i2p/go-i2p/lib/common/router_identity"
"github.com/go-i2p/go-i2p/lib/common/router_info"
......@@ -23,6 +25,11 @@ type TransportSession interface {
}
type Transport interface {
// Accept accepts an incoming session.
Accept() (net.Conn, error)
// Addr returns an
Addr() net.Addr
// Set the router identity for this transport.
// will bind if the underlying socket is not already
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment